Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• General Motors issued a recall August 4 for 42,984 of its model
year 2011 Buick Regal vehicles due to faulty wiring harness covers that may be
worn down over time and cause a short circuit, thereby increasing the risk of a
fire. – TheCarConnection.com

3. August 4,
TheCarConnection.com – (National) 2016 – 2017 Buick Envision, 2011 Buick Regal
recalled: nearly 48,000 U.S. vehicles affected. General Motors issued a
recall August 4 for 42,984 of its model year 2011 Buick Regal vehicles equipped
with 8-way power adjustable front seats sold in the U.S. due to faulty wiring
harness covers that may be worn down over time and cause a short circuit,
thereby increasing the risk of a fire. The recall also affects 4,558 of its
model years 2016 – 2017 Buick Envision vehicles due to inaccurate maximum weight
information printed on the vehicle’s information label which can cause an owner
to overload the vehicle, thereby reducing the ability to control the vehicle
and increasing the risk of a crash.

• The Ford Motor Company issued a recall August 4 for 766,682 of
its model years 2012 – 2016 vehicles in select makes sold in the U.S. due to
faulty side door latches that could unlatch when driving, thereby increasing
the risk of injury. – CNBC

• Maryland officials announced August 3 that the owner and
operator of 6 Liberty Tax franchises in Baltimore has been permanently barred
from preparing Federal tax returns after she allegedly filed 1,222 fraudulent
returns. – U.S. Department of Justice. See item 7 below in
the Financial Services Sector.

• Officials announced August 4 that Advocate Health Care Network
agreed to pay $5.55 million to resolve alleged violations of Federal patient
privacy laws related to three separate data breaches in 2013 that compromised
the electronic health information of about 4 million patients. – Chicago
Tribune

18. August 5,
Chicago Tribune – (National) Advocate to pay $5.5 million over data breach:
record HIPAA settlement. The U.S. Department of Health and Human Services
(HHS) Office for Civil Rights announced August 4 that Advocate Health Care
Network agreed to pay $5.55 million to resolve alleged violations of Federal
patient privacy laws related to three separate data breaches in 2013 involving
its subsidiary, Advocate Medical Group, that compromised the electronic health
information of about 4 million patients, including medical information, names,
and credit card numbers, among other data. HHS’ investigation into the breaches
found that the company failed to adequately limit access to its information
systems, failed to properly assess the risks associated with the data, and
failed to protect an encrypted laptop containing sensitive data. Source: http://www.chicagotribune.com/business/ct-advocate-settlement-privacy-0805-biz-20160804-story.html

Financial Services Sector

7. August 3,
U.S. Department of Justice – (Maryland) Federal court permanently bars
Maryland tax preparer from preparing federal tax returns. The U.S. District
Court for the District of Maryland announced August 3 that the owner and
operator of 6 Liberty Tax franchises in Baltimore has been permanently barred
from preparing Federal tax returns after she allegedly filed 1,222 fraudulent
tax returns that reported false household help incomes, among other fraudulent
claims, and intentionally omitted Social Security Income and Wage and Tax
Statement income. The charges also allege that the tax preparer kept each
refund as a fee and paid customers a $50 cash payment as part of Liberty Tax’s
“Cash-in-a-Flash” promotion. Source: https://www.justice.gov/opa/pr/federal-court-permanently-bars-maryland-tax-preparer-preparing-federal-tax-returns

Information Technology Sector

22. August 5,
Softpedia – (International) HEIST attack can steal data from
HTTPS-encrypted traffic. Two security researchers discovered hackers could
carry out a Web-based attack, dubbed HEIST, to steal encrypted content from
Hypertext Transfer Protocol Secure (HTTPS) traffic by embedding special
JavaScript code on a Webpage that fetches content via a hidden JavaScript call
from a private page containing sensitive information including credit card
numbers and Social Security numbers, then pinpoints the size of the embedded
data transferred in small transmission control protocol (TCP) packets using a
repeated probing mechanism in order to guess the content exchanged in the HTTPS
traffic. Researchers advised users to disable support for third-party cookies
or JavaScript execution in their browsers to block HEIST attacks. Source: http://news.softpedia.com/news/heist-attack-can-steal-data-from-https-encrypted-traffic-507009.shtml

23. August 5,
Help Net Security – (International) 58% of orgs have no controls in place to
prevent insider threats. Veriato and other firms released the Insider
Threat Spotlight Report which found that nearly half of the 500 cybersecurity
professionals surveyed experienced an increase in insider attacks since 2015,
58 percent of organizations lack appropriate controls to prevent insider
attacks, and 44 percent of those surveyed were unaware if their organization
had experienced an insider attack. The survey also found that the endpoint is the
most common point for a malicious actor to launch an insider attack, followed
by mobile devices. Source: https://www.helpnetsecurity.com/2016/08/05/prevent-insider-threats/

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"